drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem

commit e168c25526cd0368af098095c2ded4a008007e1b upstream.

When the mapping is already reaped the unmap must be a no-op, as we
would otherwise try to remove the mapping twice, corrupting the involved
data structures.

Cc: stable@vger.kernel.org # 5.4
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Tested-by: Guido Günther <agx@sigxcpu.org>
Acked-by: Guido Günther <agx@sigxcpu.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/gpu/drm/etnaviv/etnaviv_mmu.c b/drivers/gpu/drm/etnaviv/etnaviv_mmu.c
index 9fb1a2a..aabb997 100644 (file)
--- a/drivers/gpu/drm/etnaviv/etnaviv_mmu.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_mmu.c
@@ -286,6 +286,12 @@ void etnaviv_iommu_unmap_gem(struct etnaviv_iommu_context *context,
 
        mutex_lock(&context->lock);
 
+       /* Bail if the mapping has been reaped by another thread */
+       if (!mapping->context) {
+               mutex_unlock(&context->lock);
+               return;
+       }
+
        /* If the vram node is on the mm, unmap and remove the node */
        if (mapping->vram_node.mm == &context->mm)
                etnaviv_iommu_remove_mapping(context, mapping);